OctoWatch Update – November 17, 2025

This update focuses on the network and internet traffic filtering driver. The list of changes is provided below.

Manual reinstallation of the Agent (Grabber) is required – if you are not experiencing any issues with traffic filtering or if you are using the local version, you do NOT need to update manually. We will release an automatic update shortly.

  • OpenSSL has been updated to version 3.5.1.
  • Accelerated automatic addition of SSL exceptions when the client process reports an issue with the generated certificate.
  • Fixed issues with OpenSSL re-initialization.
  • Fixed conversion of IPv6 addresses to string representation.
  • Added ARM64 configurations for components and dependencies.
  • Updated libraries: Brotli → 1.1.0, Zstd → 1.5.7, Zlib → 1.3.1.
  • Fixed an error in the proxy filter, including parsing of HTTPS proxy responses and handling of large HTTPS proxied requests.
  • Fixed multiple issues and vulnerabilities in HTTP and HTTP/2 filters:
    • Fixed handling of large header fields and splitting of large headers;
    • Fixed flow control window accounting;
    • Optimized use of the “end of stream” flag and resolved memory leaks;
    • Fixed errors related to header flags and reordering of stream identifiers;
    • Fixed handling of content-length in various scenarios (including cases with injected content and cases without content-length or chunked transfer);
    • Added support for Early Hints headers (HTTP/2 Early Hints, status code 103);
    • Added HTTP/2 support (FT_HTTP2) and updated usage examples.
  • Added support for the zstd compression algorithm for HTTP content; fixed filtering of HTTP responses combined with WebSocket data.
  • Fixed an issue with the WebSocket protocol; packets in “read-only” mode are now correctly indicated for subsequent filters.
  • Fixed SOCKS4/SOCKS response filtering and behavior in the proxy filter.
  • Fixed handling of streams with temporary files and other data stream issues.
  • Fixed errors in uncompression routines.
  • Fixed an issue with incorrect shared keys used by some web servers; fixed SSL certificate storage.
  • SSL filter behavior and compatibility:
    • The SSL filter now uses the curve list from the original TLS handshake for better compatibility;
    • The SSL filter now skips filtering for TLS_ANY_VERSION to avoid blocking data transfer.
  • Domain certificates are now removed and regenerated with each filter initialization (default behavior).
  • Legacy Unsafe Renegotiation mode is now enabled by default for TLS.
  • Fixed TLS version selection for local traffic between clients and the proxy.
  • Improved compatibility with certain FTP clients at the TLS filtering level.
  • Optimized the root certificate import procedure into system stores (including Mozilla).
  • Numerous minor fixes and security improvements have been implemented.
Post Views: 47

Related posts:

Protecting Clients’ Personal Data: How to Avoid Leaks and Fines in the United States Micromanagement: What It Is, When It Helps, and How to Prevent It from Harming Your Team Octowatch Update: 09/15/2025 Henri Fayol’s Principles of Management: Classical Foundations and Modern Relevance How to Motivate Employees in 2025: Beyond Bonuses to Sustainable Engagement

Leave a Reply

Your email address will not be published. Required fields are marked *